Heartbleed is a zero-day bug in many OpenSSL implementations, and affects a huge swath of servers on the Internet. Here’s a list of resources I’ve been referencing:
- Heartbleed info - http://heartbleed.com/
- Heartbleed status on Heroku - https://status.heroku.com/incidents/606
- Heartbleed status on EngineYard - https://support.cloud.engineyard.com/entries/50554018
- Do we need to generate a new SSL key? - http://security.stackexchange.com/a/55210
- Info on how the Heartbleed bug works - http://security.stackexchange.com/q/55116
- Detailed info on who is vulnerable and how to fix it - http://unix.stackexchange.com/a/123712/33893
- Info on Postgres and Heartbleed - http://blog.hagander.net/archives/219-PostgreSQL-and-the-OpenSSL-Heartbleed-vulnerability.html
- Instructions for verifying openssl versions and patching on various distros - http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix
- Reddit thread with good info - http://www.reddit.com/r/Bitcoin/comments/22gq5e/heartbleed_bug_major_openssl_vulnerability_could/
- Heartbleed status check tools - http://filippo.io/Heartbleed/, https://github.com/titanous/heartbleeder
- Info on Heartbleed bug on OS X - http://apple.stackexchange.com/q/126916
- Official announcement from openssl - https://www.openssl.org/news/secadv_20140407.txt
- Recommended additional steps after patching OpenSSL - http://security.stackexchange.com/a/55089
- Comic relief - http://xkcd.com/1353/
I am thankful today for SaaS platforms and virtual hosting environments, as they’ve meant I’ve had to do a minimal amount of work on my end to patch the applications I maintain.